[ https://jira.jboss.org/jira/browse/DNA-399?page=com.atlassian.jira.plugin... ]
Brian Carothers updated DNA-399:
--------------------------------
Attachment: DNA-399.patch
Applied attached patch that adds permission checks to item reads, item removes, property
modification and node addition calls and adds a new test case that extends the JR TCK
framework, and adds a new workspace in RepositoryStubImpl creatively named
'otherWorkspace'.
Adding the extra workspace will cause some false regressions in the nightly TCK run as it
enables 3 cloning tests that silently passed when there was only one workspace in the
repository.
I will leave this defect open for a few days (and probably post a forum topic) to try to
get some feedback on if this is sufficient security for the 1.0 release. I am curious
whether there is any interest in being able to assign roles on a per repository and
workspace basis in the case of multiple repositories feeding from a single JAAS source, if
there is interest in adding an admin role that is required for type and namespace
registration, or any other needed enhancements.
Need to Add Session.checkPermission Calls to Guard Read, Add Node, Set Property, and Remove Item Access
-------------------------------------------------------------------------------------------------------
Key: DNA-399
URL: https://jira.jboss.org/jira/browse/DNA-399
Project: DNA
Issue Type: Bug
Components: JCR
Affects Versions: 0.4
Reporter: Brian Carothers
Fix For: 0.6
Attachments: DNA-399.patch
Now that JcrSession.checkPermission works (assuming patch takes), we need to add
checkPermission calls to guard "read", "add_node", "remove",
and "set_property" access, as per spec.
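The guard pattern this issue asks for, as an added example that is not taken from DNA-399.patch or the DNA code base: every read, add-node, set-property and remove call goes through a checkPermission method shaped like JCR's Session.checkPermission(absPath, actions) before it touches the store. The GuardedSession class, the "readonly"/"readwrite" role names, the role-to-action grants and the in-memory store are all assumptions made for illustration.

```java
import java.security.AccessControlException;
import java.util.*;
// Hypothetical stand-in for a JCR session; class, role names and store are assumptions.
public class GuardedSession {
    // Assumed role-to-action grants; anything not listed here is denied.
    static final Map<String, Set<String>> GRANTS = Map.of(
        "readonly", Set.of("read"),
        "readwrite", Set.of("read", "add_node", "set_property", "remove"));
    private final Set<String> roles;
    private final Map<String, Map<String, String>> nodes; // path -> properties
    GuardedSession(Map<String, Map<String, String>> nodes, String... roles) {
        this.nodes = nodes; this.roles = Set.of(roles);
    }
    // Shaped like Session.checkPermission: comma-separated actions, throws on denial.
    void checkPermission(String absPath, String actions) {
        for (String a : actions.split(",")) {
            String action = a.trim();
            if (roles.stream().noneMatch(r -> GRANTS.getOrDefault(r, Set.of()).contains(action)))
                throw new AccessControlException("'" + action + "' denied on " + absPath);
        }
    }
    // The check runs before the store is touched, so a denied caller learns nothing about the path.
    String getProperty(String path, String name) {
        checkPermission(path, "read");
        return nodes.getOrDefault(path, Map.of()).get(name);
    }
    void addNode(String path) {
        checkPermission(path, "add_node");
        nodes.putIfAbsent(path, new HashMap<>());
    }
    void setProperty(String path, String name, String value) {
        checkPermission(path, "set_property");
        nodes.computeIfAbsent(path, p -> new HashMap<>()).put(name, value);
    }
    void remove(String path) {
        checkPermission(path, "remove");
        nodes.keySet().removeIf(p -> p.equals(path) || p.startsWith(path + "/"));
    }

    public static void main(String[] args) {
        Map<String, Map<String, String>> store = new TreeMap<>(); // constructed sample store
        GuardedSession writer = new GuardedSession(store, "readwrite");
        GuardedSession reader = new GuardedSession(store, "readonly");
        writer.addNode("/docs");
        writer.setProperty("/docs", "title", "spec");
        System.out.println(reader.getProperty("/docs", "title"));
        try { reader.remove("/docs"); }
        catch (AccessControlException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

A session constructed with no roles, or with a role missing from GRANTS, is denied every action, so the default is deny rather than allow.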